The North Carolina Department of Information Technology on Friday announced that Rob Main, a longtime state IT official, will serve as chief risk officer, the state’s top cybersecurity job.
In an interview with StateScoop, Main, who’s worked for several different state agencies since 2006, said he wants to address the state’s cybersecurity needs by “empowering” his team members and the agencies and local governments with which his office works.
“Empowered people are the best people to work with,” he said. “As I progressed in my personal career, I’m always mindful of where the work is done.”
Main had been serving as the acting risk officer since the June resignation of his predecessor, Maria Thompson, who’s now a cybersecurity lead with Amazon Web Services’ state and local government practice. On Friday, Main referred to Thompson as a “friend and a mentor.”
“She may have done more for the State of North Carolina in terms of cyber and risk management than anyone could imagine,” Main said. “It’s my goal to build upon that foundation so we can get the most effective risk management body citizens need us to be.”
He said that foundation includes the North Carolina Joint Cyber Security Task Force, a program formed under Thompson that draws on state, local, law enforcement and military personnel to respond to breaches and other incidents around the state. Main said he wants to build on that program by also focusing on preventative measures and drawing up incident-response plans before attacks occur.
“We have room to grow and expand not just reactive services, but also proactive services,” he said. “I want to deepen our relationship with local governments in a whole-of-state efforts. We need to be mindful of local communities and challenges they face in equipping them with the tools to fight off malicious actors, stave off cyber threats.”
Growing that task-force program, he added, will also extend the “whole-of-state” approach to cybersecurity that NCDIT developed under Thompson. He also said he’s eager to continue the state’s collaboration with federal agencies, including the Cybersecurity and Infrastructure Security Agency, the FBI and the U.S. Secret Service.
“I cannot overstate the importance of communications and good relationships,” he said.
As North Carolina’s chief risk officer, Main will answer to state Chief Information Officer Jim Weaver, who was appointed earlier this year.
Main joined NCDIT in 2017 and has since served as the agency CIO for the state Human Resources and Military departments, before being named deputy chief risk officer in 2019. Before that, he was the CIO for the state Department of Insurance, and he also worked as an IT manager for the North Carolina Department of Health and Human Resources.
But Main said he was first drawn to IT and cybersecurity work during his years in the U.S. Air Force, including eight years of active duty and another 17 as a member of the North Carolina Air National Guard.